Turns out not to be so easy: not every city (Q7930989) is a human settlement (Q486972), so take the UNION.

"Located in country" (P17) seemed the only reasonable relation of cities and countries, so iterate that over
Russia (Q159), Belarussia (Q184) and Ukraina (Q212)
but it turns out that at least Omsk (Q898) is not in the country of Russia (Q159) but instead
is an "instance of" (P31) an "administrative territorial entity of Russia" (Q192287),
so UNION over "administrative territorial entities" of Russia and Ukrainia.

Turns out that there is an "administrative territorial entity of Crimea", so who knows
what other non-orthogonal classifications people used to enter ex-Soviet cities into WikiData.
Not exactly promising.

Since you're not here to learn anything,
but to be taught
so you can pass these tests,
knowledge has to be organized
so it can be taught,
and it has to be reduced to information
so it can be organized.
Do you follow that?

In other words
this leads you to assume that organization
is an inherent property of the knowledge itself,
and that disorder and chaos
are simply irrelevant forces
that threaten it from outside.

In fact it's exactly the opposite.
Order is simply a thin, perilous condition
we try to impose on the basic reality of chaos.

A quick look at Georg Nees' computer-generated artwork Schotter made me code schotter.ps, a PostScript version of Schotter, which should look different every time it is rendered or printed (The picture below is a PNG of one possible rendering).

The Shœstringfoundation has a long term project
to provide a distributed (*bing*), fault-tolerant (*bing*) storage system with
servers at several locations, accessible through IPv6 and TOR hidden services.
Tahoe LAFS will be the storage layer,
with a web frontend and SFTP for automated access and FUSE (where available).

A prototype is already running on servers in a
unique local address network
spread over several locations, connected by VPN tunnels.

What is missing is a stable IPv6 prefix to make the service reachable
for the rest of the world.
Experiences with SiXXs and german ISPs led me to the conclusion that
a provider independent prefix is needed.
The friendly folks at
openfactory in Switzerland
offered their help, for which i'm grateful.

Many german ISPs now “provision” their customers (i.e. practically everybody)
with IPv6-connected middleboxes that translate a non-routable IPv4 net at one end
to an address from a small pool of routable IPv4 addresses at the ISP. The IPv6 networking
is a side-effect.

Now everybody has IPv6 connectivity, it seems. But the german ISPs don't assign static v6 prefixes,
they change them periodically as they did with v4 addresses in the heydays of forced DSL disconnects.

The ISP that supplies uplink at my home has a /32 prefix. They could subnet this in 212 ways
to map their routing topology and still give out 220 static prefixes to their customers.
When asked nicely, they responded that they do not even consider it.

Why not? Because everybody could then run servers at home without paying extra for it, because
that's what End-to-End Internet was all about. And they make sure it is not going to happen, IPv6
or not. (See also artificial scarcity)

So people run tunnels to SiXXs (of fond memory) and hurricane electric to get decent IPv6 prefixes
through the already IPv6-enabled infrastructure of their providers.

Searching for ISPs around here that do hand out static prefixes was depressing. There are
high-profile providers with technically excellent offers
for commercial entities with a steady flow of earnings, but for a non-profit project they
are way too expensive (€ 250 and more per month).

Various Howtos about DKIM exist. After creation of a public/private keypair for signing, some
of them advise to insert a TXT RR of the following kind
into the zone file containing the affected mail domain:

The semi-colon (;) is the start-of-comment in zone files. Typing
the quoted line verbatim cuts off everything after k=rsa.

TXT records have a maximum length of 255 chars (because some length
field has only 8 bits), so even when the semi-colons above are masked with backslashes,
nsd (version 4.1.10) will refuse to load the zone file, but will not
explain why the parser thinks it is erroneous.

Not because people can hide their illicit websites (the Warez community
managed to do that decades before), but for other reasons:

Firstly, .onion addresses name services, not host interfaces. Tying interface
addresses of hosts to names and re-using them in URLs to point at services is a misdesign which leads
to such kludges as the Server header in HTTP/1.1 where the application
transmits which name it was using when initally connecting to the service.
So URLs map services to hostnames which map to IP addresses which have interfaces which have bound
services which get the unresolved
names again on the application layer to find out which service was actually addressed.
This makes it very complicated to move a service without fiddeling with DNS.
An .onion name does not have to ultimately resolve to a globally visible interface address.
Instead it identifies the tunnel-entry for a service which can be moved from machine to
machine as long as the hidden_service configuration is carried along.

Secondly, .onion addresses deliver what https URLs failed to,
namely mapping public keys to services uniquely.
There are no multi-rooted hierachies of CAs behind the name-to-key bindings, no obscure
ASN.1 based certificate schemes. An .onion address uniquely and automatically
identifies the service with the public/secret key pair involved in the key exchange.
There has been at least one attempt to build something similiar into IPv6 addresses
(RFC 3972), but implementations
are either missing or hidden in the darknet. And because connections inside
the tor network are always encrypted, one could even safely run a telnet daemon inside
a hidden service.

As a result of Secondly, Thirdly, .onion addresses are a barrier-free global namespace, without
absurd fees charged for bits in config-files, trademark disputes and the like.

I run at least one hidden service on each relevant machine to provide a MITM-safe entry point to services.

I have screen(1) running contineously on servers. On some
of them, the screen contains ssh-sessions to further machines. Because
i trust these servers less than my laptop, i don't store secret keys
there, i use AgentForwarding on the connection to the server and
ssh-add -c $relevant_key on the laptop, so i must confirm
each use of the key through the forwarding.

On disconnecting/reconnecting
to the server in question, the SSH_AUTH_SOCK variable
changes, but remains unchanged inside the long-running screen. ssh from
inside screen will prompt for passwords, because the
ssh-agent does not respond on the old path.
i found no clean solution to propagate the change to the
screen windows after re-attaching them.

So all screen windows have SSH_AUTH_SOCK set
to the same path always, and when i connect to the server,
the shell soft-links that path to
the actual socket which is forwarded through ssh to
the ssh-agent on my laptop.

Requirements: a host with a running tor node, qemu,
some diskspace for the emulated system, install media for an OS on the emulated system
Result: a host with an .onion address, connectivity restricted to
TCP and no traceable IP address.

Start qemu with the following options

-net nic \
-net 'user,hostfwd=tcp::5555-:22,restrict=on'

The emulated machine will have a network interface
unconnected to anything, autoconfigured to 10.0.2.15/24.
Qemu will forward connections to localhost:5555 to sshd
on the emulated machine.

Create a user on the emulated system and install wlogdsocks-torify
or some other socksifier that forwards DNS requests.

On the machine hosting the qemu forward the local tor port to
the emulated system:

ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &

The emulated system can now reach TCP services through
socksified programs, e.g.

and restarting tor. Seconds later
/some/place/hidden_qemu/ will contain a file
hostname with the .onion address
tied to the SSH port of the emulated system. The
emulated system is now reachable by SSH only.
Connections to the system will be shown to originate at
10.0.2.2.

Assuming that qemu makes no errors (ahem), accounts
on the emulated system can not easily find out where the hosting
machine is (for small values of "not easily").

The Bank for International Settlements (BIS) hosts
an annual conference that brings together central bank governors, leading academics
and former public officials to exchange views.
At the 13th Annual Conference a research paper was presented by Bengt Holmstrom of the MIT titled Understanding the role of debt in the financial system on the mechanisms
of the financial market in connection with
the 2007-now crash.
The paper includes the following fascinating statements:

[..] But it is hard to believe that investment bankers would be colluding to defraud investors
[by issuing opaque securities].

Probably as hard to believe as that investment bankers would be colluding to defraud investors by
manipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they
did).
Or that a publicly held, international corporation would massively invest in
the expansion of the Auschwitz concentration camp (they did) .
An economic reality is that white-collar crime has a higher Return on Investment than most legal activities,
so the imperative of increasing profits enforces criminal behaviour,
specially when the the rate of detection+prosecution+conviction is near zero.
And shortly after:

[..] But it equally hard to believe that hard-nosed profit-hungry investment bankers and
traders would be ignorant out of ignorance.

The crash did not harm the profits of aforementioned bankers and
traders at all. So there is no incentive to smarten up (Holmstrom is supposed to be an
expert on incentives).
Later we read:

Invoking the empirical sucess of the EMH [Efficient Market Hypothesis] (in a variant they
call relative EMH), Gilson and Kraakman (2014) among others have advocated [...]

What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis.
If prices reflect all available information, and still fluctuate by more than 50 percent
in a single day, then that reflecting property is worthless.
That leading academics show such naïvité at the motivations
of criminals and cling to unrealistic assumptions is just depressing.

The paper goes on to show that collateral-backed debt is an extremely stable investment,
and information-insensitive (because 1. it is backed and 2. the debtor might recover before
the debt contract ends). Having more transparent collateralisation, Holstrom argues,
would affect the traders' belief system as to the value of the lending bank, thereby
endangering the stability of banks, which is posited as a common good. In other words:

market participants are not rational, they have “belief systems”

market efficiency is bad for market participants

market efficiency is not a necessity, it can easily be avoided by publishing less information

This reasoning could be called anti-circular, and I'd suspect that there is no
other field of academics where conclusions negate the premises used to draw the conclusions.

Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, as
he points out the aspect of time (mostly ignored by economists, because differential
equations are just too hard) in the handling of debt, i.e., debt based vehicles rely
on a rollover of short-term debt over time. So they're not so risk-free over a longer term.

Gödel proved the incompleteness of minimal logic combined with
minimal arithmetic. He was careful to point out that every step
in the proof is constructive. So one would assume that the whole
process up to the unprovable theorem about numbers could be implemented.
The original paper in fact has a point by point implementation in
Gödels's own notation of primitive recursion. Porting this to
Scheme seemed viable.

Gödel has a curious programming style, specially when it
comes to performance. For example, after definition of Pr(n)
as the n-th prime number, l(n) as the number of encoded numbers in
n, and n Gl x as the n-th coded number
in the number x, he defines the concatenation of terms x and y as

To get the concatenation of x and y, find the first number z, starting from 1, such that z is smaller than the
len(x) + len(y)-th prime taken to the (x+y)-th power, and such that for all n less than len(x)
the n-th term in z is the n-th term in x, and such that for all n less than len(y),
the (n+len(x))-th term in z is the n-th term in y

Remember that the n-th encoded term k in x is the factor (n-th prime)k of x, so
this algorithm will try an incredible number of wrong candidates before reaching a likely candidate.

While implementing Gödel's proof in a kind of Test Driven Development I had to
stop at point 22 in the original paper, because from that point on even trivial tests will not
finish before the sun burns out. For an explanation, see
end of
code.

As everybody but the worst conspiracy theorist knows, everything sent over
the Internet is recorded and can be used against us (the buzzing noise you're
hearing is an armed drone circling the building).

Encrypting e.g. Internet Relay Chat a la PGP would protect the message on
the wire from eavesdropping. But if the message is recorded (which it is),
then a compromise of the involved secret keys would allow decryption at
a later date. And since thorough inspection of laptops at airports is routine,
we can assume that keys do get compromised now and then. With classical
public key crypto, the potentially incriminating content is also digitally signed,
so it can be used as a strong evidence against the utterer.

Can we make conversations on the Internet more like private conversations,
which are not normally recorded and where utterances are not signed?
This was answered to the affirmative in Borisov, Goldberg and Brewer's
paper Off-the-Record Communication.
And there's an implementation.

Peter Welch's Essay
movingly reports how it is to be a sysadm and/or programmer in our networked
and hype-driven world of defective software. I read it aloud to my significant
other because it is so true.

The simple terminal by the
laudable suckless.org persons lacks xterm's
Tektronix 4014 emulation and several other features of questionable
utility.
The engineers' war cry "Keep it simple, idiots" is more audible
in st's implementation, less than 4 kLOC, and
anti-aliased fonts all the same (by use of libfontconfig).

At a talk given at the TU Munich, somebody asked Jacob Appelbaum why he (the questioning party)
should care about privacy at all. I routinely ticked off a list of possible answers, but
Jacob had a new one (to me): (quoted from memory)

So you're doing nothing illegal, why should you worry about privacy?

Well, in the
late 40ies there were people who were thinking about the possibility of changing
the political landscape of the US. They visited lectures, read papers and pamphlets etc,
everything totally legal. Yet a few years later they were accused of being communists
and were fired. Because they did something totally acceptable a few years earlier.

In the 90ies there were Muslim families in the US who followed the custom of donating
to foreign aid organisations. A few years later those organisations were decreed to
be aiding terrorists and therefore everybody giving them money in the past is now
a criminal. Because they did something totally acceptable a few years earlier.

And who knows what totally acceptable deed now will be illegal post hoc tomorrow.
The accumulated history of past behaviour can be used anytime in the future to
discredit or accuse. And the accusing party can filter the data for damning evidence,
whereas the accused has no access to the data to find exonerating evidence in it.

So history teaches us that everybody should have very strong objections against
a secret store of every word they ever muttered online.

In Germany, it is a felony to be member of a criminal organisation. That an
existing organisation has criminal purposes can only be decided after somebody
joined it. So this definition of a criminal act by being a member of some organisation
implies the post hoc for at least some members.

What does it do? It returns a function that returns 1, 2, 3, ... when
called repeatedly. It's a way of keeping state in a world of functions.
Don't confuse it with C's static Variables inside functions.
mkcounter constructs a new counter object for each invocation,
so

fails with UnboundLocalError: local variable 'n' referenced before assignment,
which is somewhat confusing, since n is visible in _inner_ if
the n = n+1 line is removed.
The impossibility of LoL in Python has been pointed out in
PEP-3104 but was only fixed in Python 3.
In Python 3 it's possible to reconstruct LoL by the dubiously named nonlocal
directive:

emacs has the fabulous SLIME mode which
turns emacs into a LISPmachine, with interactive inspection and whatnot. It talks over TCP to
a LISP REPL wrapped in SWANK, executing a huge palette of commands to debug and trace code,
as well as the more-or-less trivial evaluation of code snippet from emacs buffers.

As a very weak approximation in vim there's jpalardy's vim-slime which uses screen to paste
stuff from vim into a screen window presumably running a REPL. The implementation
is totally vim specific.

If the action is just to paste stuff into another window using screen's own -X
option then it should be doable with a shellscript. So here are swan and
slim.

swan

starts the Chicken Scheme REPL and
injects the window's identifier into screen's environment.

slim

pastes its stdin into the REPL window.

Combined with good-old vi's map keybinding command
this is just as powerful as vim-slime but more flexible.

My .exrc now contains the line

:map C !%slim^M

which pastes text between matching parens into the REPL.

Update

slim now uses screen's register s so that the copy/paste
register remains untouched.

Started to play with Plan9 again.
First major experiment: Run a bare-metal cpu server without local disks. All configuration
can be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem.
The Plan9 server runs on an old 1U Pentium 4 server.

Results so far: PXE finds Plan9 loader, that again loads a plan9.ini by TFTP
which specifies a kernel, which then mounts its rootfs from a u9fs on
OpenBSD. Said rootfs contains cpurc which determines the server's behaviour.

9pxeload will load 9pccpu from the TFTP server it
found on ether0 and supply that kernel with the infomation that
its rootfs will be remotely supplied from 192.168.66.11.
Console is on first serial interface with 19200bps and no parity.

On 192.168.66.11 the following entry in inetd.conf
starts 9legacy's modified
u9fs2 process on demand:

(This implies that the service 9fs is already defined as 567
in /etc/services.)
The u9fs exports the filetree under /mnt/9atom without
authorization. This is excusable only in a private network and necessary only
because my rootless cpu server does not know the password for the remote fs.
A way around that would be to put the password into the kernel itself (which
again is totally insecure in an open network where everybody can fake the MAC
and pull the kernel...)

The Plan9 server can now be controlled completely from the OpenBSD machine
which is nice for testing configurations.

The original u9fs found in
/sys/src/cmd/unix/u9fs.c exported the whole fs of the server.
This led to the custom of chrooting the process, with all the
pitfalls included.
The 9legacy patch
allows to export arbitrary subtrees.

noticed the for loop? It tries to malloc ten times before giving up. This
seems to assume that some concurrently running part of zabbix frees memory, or that
the system suddenly (while this loop is running, that is) assigns a higher memory bound for zabbix.

noticed the MAX in the for loop? It tries to catch and disguise the error of requesting zero
bytes by always returning at least one byte

The local Fablab has a laser cutter. What would
be more natural than to use it to produce jigsaw puzzles? The snag is: How
get the patterns to saw as SVG graphics. The answer: create an archetypical
interlocking border of a jigsaw puzzle piece as SVG path and randomly transform
it for every connection in a n times m grid.Implemented
in Chicken Scheme.

function mf = memoize(f)
% Returns the memoized version of function f.
% f must have exactly one numerical argument.
% The memoized version cannot be called without an argument.
% Memoizing functions of continous ranges
% may not be as useful as imagined...
h = []; % our pseudo hashtable by abuse of the property list.
% MatLab creates this fresh for every call of memoize
% and retains it for the lifetime of the memoized function
function r = ff(x)
% matlab allows only "MatLab words" as keys
xstr= ['m', num2str(x)];
if isfield(h, xstr)
r=h.(xstr);
else
h.(xstr) = f(x);
r = h.(xstr);
end
end
mf = @ff;
end

Everybody has seen various travesties of Claude Garamond's typeface because
it is one of the favourite fonts for books. Georg Duffner (with the help of
many) has created an
OpenType Font from an scan of a 1592 cut of Garamond's roman font.
A notable difference to modern cuts is the height of the stems of lowercase letters.
This seems to be a trend, even new typefaces like the original Times Roman look
flattend in newer cuts.

Recently I stumbled over Steve Yegge's essay “Execution in the Kingdom of Nouns ”
which reflects on the linguistic styles of programming philosophies. Really something to
think about. The points stated in the essay are quite observable in code that comes my way.

One nicely wrought wreath from the many flowers out of the Garden of Object Oriented
Design Patterns is the following:

For the lack of a nail,
throw new HorseshoeNailNotFoundException("no nails!");
For the lack of a horseshoe,
EquestrianDoctor.getLocalInstance().getHorseDispatcher().shoot();
For the lack of a horse,
RidersGuild.getRiderNotificationSubscriberList().getBroadcaster().run(
new BroadcastMessage(StableFactory.getNullHorseInstance()));
For the lack of a rider,
MessageDeliverySubsystem.getLogger().logDeliveryFailure(
MessageFactory.getAbstractMessageInstance(
new MessageMedium(MessageType.VERBAL),
new MessageTransport(MessageTransportType.MOUNTED_RIDER),
new MessageSessionDestination(BattleManager.getRoutingInfo(
BattleLocation.NEAREST))),
MessageFailureReasonCode.UNKNOWN_RIDER_FAILURE);
For the lack of a message,
((BattleNotificationSender)
BattleResourceMediator.getMediatorInstance().getResource(
BattleParticipant.PROXY_PARTICIPANT,
BattleResource.BATTLE_NOTIFICATION_SENDER)).sendNotification(
((BattleNotificationBuilder)
(BattleResourceMediator.getMediatorInstance().getResource(
BattleOrganizer.getBattleParticipant(Battle.Participant.GOOD_GUYS),
BattleResource.BATTLE_NOTIFICATION_BUILDER))).buildNotification(
BattleOrganizer.getBattleState(BattleResult.BATTLE_LOST),
BattleManager.getChainOfCommand().getCommandChainNotifier()));
For the lack of a battle,
try {
synchronized(BattleInformationRouterLock.getLockInstance()) {
BattleInformationRouterLock.getLockInstance().wait();
}
} catch (InterruptedException ix) {
if (BattleSessionManager.getBattleStatus(
BattleResource.getLocalizedBattleResource(Locale.getDefault()),
BattleContext.createContext(
Kingdom.getMasterBattleCoordinatorInstance(
new TweedleBeetlePuddlePaddleBattle()).populate(
RegionManager.getArmpitProvince(Armpit.LEFTMOST)))) ==
BattleStatus.LOST) {
if (LOGGER.isLoggable(Level.TOTALLY_SCREWED)) {
LOGGER.logScrewage(BattleLogger.createBattleLogMessage(
BattleStatusFormatter.format(BattleStatus.LOST_WAR,
Locale.getDefault())));
}
}
}
For the lack of a war,
new ServiceExecutionJoinPoint(
DistributedQueryAnalyzer.forwardQueryResult(
NotificationSchemaManager.getAbstractSchemaMapper(
new PublishSubscribeNotificationSchema()).getSchemaProxy().
executePublishSubscribeQueryPlan(
NotificationSchema.ALERT,
new NotificationSchemaPriority(SchemaPriority.MAX_PRIORITY),
new PublisherMessage(MessageFactory.getAbstractMessage(
MessageType.WRITTEN,
new MessageTransport(MessageTransportType.WOUNDED_SURVIVOR),
new MessageSessionDestination(
DestinationManager.getNullDestinationForQueryPlan()))),
DistributedWarMachine.getPartyRoleManager().getRegisteredParties(
PartyRoleManager.PARTY_KING ||
PartyRoleManager.PARTY_GENERAL ||
PartyRoleManager.PARTY_AMBASSADOR)).getQueryResult(),
PriorityMessageDispatcher.getPriorityDispatchInstance())).
waitForService();

Inspired by Adi Shamir's TWINKLE optical
device for finding smooth numbers, which works at GHz, I wrote an audio device for finding smooth
numbers, which works at low kHz. In absence of a good, screeching acronym, I'd call it
Dysphony in b-Smooth.

The idea is to convert the smaller prime factors of numbers into sound. The code does this
by keeping n counters, each of which is increased modulo its individual prime.
At the moment, these are the first 1000 primes. After every increment the counters
that contain a zero are collected and a sine wave is constructed from the associated
frequencies (index*(2000/n) + 40 Hz) at an amplitude proportional to
the logarithm of the prime (so that the frequent divisors 2,3,5,etc have a low impact).
Each sound lasts a small fraction of a second. If a loud noise is audible, it is
the representation of a number with many different and/or larger prime factors.

The scientific value of this is approaching zero from the left, but it was a nice
exercise to have the computer produce sound after my last attempts in 1987 on
an Atari ST.

The node tags at the start presumably all refer to the city of Erlangen (since they all have roughly the same lat/lon coordinates), but this can only be inferred by observing that they are placed before a node with actual content naming the city.

The type of a node is hidden in the v attribute of a tag tag's k
attribute, iff that attribute has the value place, in the case of Erlangen the v is city. This type seem's not to be
checked in any way, I found place attributes with ks of yes, no, Naturflaechendenkmal and various others.

There's no way to automatically verify this mess so why use XML at all?!??

The embedded openGeoDB content repeats values of other attributes. This almost necessarily
results in outdated entries, mismatches, and general headaches.

The is_inv value repeats contents of the is_in:continent attribute.

There is a continent Europe in the OSM database, as are the state, county, etc. and their nodes surely have ids. So why not use XML's idref to refer to them?

For eight years it has been known (and Verified)
that MySQL does not release diskspace it has claimed in its ibdatax files.
The bug leads to full disks and database outages since the only way arround it is to shut down
the DB, dump it (consuming even more space) scrubbing the disk and restoring from dump.

In the good old days, when NTK was still around,
I always envied the British for their absolutely superior hacker conferences.
To give an example, a talk by James Larsson on NotCon'04 explains how
to measure time with a BBC Micro and a
Marks&Spencer Prawn Sandwich. It's in the first ten minutes
of this stream
(local copy).

Since NIS has seen its hayday (in the early 90ies), we switched to the highly
secure LDAP+Kerberos setup. OpenLDAP is touted as the allround “Solution”
to all user account management, sorry, I meant to say account provisioning.
After converting our NIS passwd file to thousands of LDIF files we
imported them with the obvious three-liner

What the fsck were they thinking???

OpenBSD's installation ramdisk does not contain useful tools
to quickly transfer files from a remote machine. Specially
the absence of netcat is painfully felt.
The typical routine to transfer a set of files from Host A to the
Host-to-be-installed B would normally be

Few people but nameserver admins know the .arpa
toplevel domain.
It has an hierarchical scheme with zones just as all other TLDs.

It's main use is to reverse map addresses. For an IP
address like

111.22.3.4

this is done by
requesting the PTR record for the hostname

4.3.22.111.in-addr.arpa

The DNS server for
in-addr.arpa delegates the request to
the server responsible for 111.in-addr.arpa
and so recursively until a server is found who is responsible
for the whole network containing the address. The reply
typically is a hostname.

But there is no technical barrier against requesting other record
types from under the .arpa tree. The DNS servers happily
return A,
AAAA,
CNAME,
DNAME or other records when asked nicely.

And nothing prevents an DNS admin from placing non-PTR records
in the .arpa subzone. And nothing prevents
them from prefixing arbitrary strings in front of the IPv6 subnet.
And of course those .arpa names can be used
just like hostnames...

For example, a valid URL for this blog could be this or
that or even
thiß.

Miod Vallat ported OpenBSD to the chinese MIPS64
remake Loongson 2F,
so I wiped the bloated Linux installation
from my Yeeloong.
On the Pros side, OpenBSD on Loongson works out of the install,
with X11 and everything running.
On the Cons side, there seems to be a serious flaw in
fundamental stuff that stops
Python from building and introduces bugs in libgmp.
And without Python no mercurial
and therefore no happiness yet.UPDATE: The python build issue is fixed in -current. Mercurial works
on the yeeloong!

All creativity is an extended form of a joke. Most
creativity is a transition from one context into
another where things are more surprising. There's an
element of surprise, and especially in science, there
is often laughter that goes along with the
”Aha“. Art also has this element. Our job
is to remind us that there are more contexts than the
one that we're in --- the one that we think is reality.

The Curta is a mechanical computing device, about
12.5 cm high, 8 cm in diameter, with
49 bits internal precision. I'm totally in
awe about the elegance of the design and the smooth
handling. Trying to actually compute something, e.g. a
square root, on this machine, immediately makes one
aware of the roots (sic!) of numerical mathematics. There
simply is no button marked √ on the Curta, and
still people used this very machine to compute square
roots (and logs, and trigonometric functions, ...).
Until the 1980ies most scientists knew how to
efficiently compute everything on such add/substract machines,
and this knowledge is now buried without a tombstone.

Russ Cox's drawterm
is a terminal program to connect to a Plan9 CPU server from Unix.This
is a port for OpenBSD (i386, amd64, sgi and sparc64).

Plan9 normally provides a graphical user interface
instead of just a Command Line Interface on login, and so
does drawterm. In Plan9 terms, it exports
a part of the Unix box's drawing device, the keyboard and
the mouse to the CPU server and the programs started there
more or less directly draw on the window. No need for X-Forwardings
and the like. In addition it exports the user's $home directory to the
CPU server as /mnt/term, so that the usual routine of

Findings

XSLT relates
to general purpose programming as Cholera relates to dinner invitations.

Variables in XSLT aren't, and there's no imperative iterative statement,
so state must be kept on stack and recursion is the only way of iteration.
Combined with the fact that most XSLT compilers that we tried do not
utilize tail recursion, this quickly leads to stack overflows even
for small inputs.
Thanks to Meredith L. Patterson
for cool tricks to save space on stacks

Typing is non-existant, strings are cast to integers, whole XML subtrees
to strings and so on.

The XPath
query language can be used to select elements or subtrees of XML documents.
Subtrees resulting from such selections can be assigned to variables
and passed as such to functions (templates in XSLT-speak)
but their elements cannot be accessed by XPath any more.

Although XSLT abhors brakets, ampersands and double quotes,
it is possible to clobber together arbitrary strings. But
it not possible to output them in HTML format contexts,
so it is necessary to hark back to hacks including iframes
with data: url hrefs.

The ironically named Chinese company Lemote
has produced Linux-based set-top boxes for some time.
What makes these and subsequent Lemote boxes unique is that they run
on MIPS64 CPUs.

Most commonly associated with MIPS are the legendary Silicon Graphics Workstations
of the 90s. But since then, MIPS-based boards have been used in many
consumer devices, e.g. most Linksys wireless routers, Cisco routers,
Playstations,

The CPU in Lemote's newer products is basically a MIPS R4700, called Godson or
Loongson-2E, with bigger cache and larger TLB.

What brought us to Lemote hardware was the
announcement of a completely
open-sourced netbook. From the boot monitor (a modified
PMON) to the desktop, everything was supposed to be open and modifiable.

The process of ordering hardware from Lemote turned out to be surprisingly simple.
After exchange of a few E-mails and an international money transfer,
we got six laptops with 1Gb RAM, 160 Gb disks,
American keyboards and an English Debian installation. Price after customs,
including shipping, was about 320 Euros per machine.

Jun Rekimoto's Time-Machine Computing
is a neat idea for representing large (probably not huge) amounts of personal
documents/images/other data in their chronological context.

It assumes that people have no problem remembering their actions
if given hints to what other actions they performed around the same time.
So instead of organising saved/created files by a rigorous
system of hierarchical sub-directories and names, one would
use on the creation or modification times and the good old neural network.

Rekimoto developed a Java-based desktop environment based on this idea.
A more practical approach IMHO would be to enhance one the many open source
file managers by a slide bar that allows to scroll backwards in time through
the directory. I.e. when activated, the position of the knob presents a
point in the past, the leftmost position representing the creation of
the oldest file in the displayed directories. At each position, the
only files shown would be the ones created at or around the date
represented by the position. All other files should be faded from view.

Another way of implementing a time view would be to center on a
selected, presumably well-remembered file and fade out all others,
the shading depending on the chronological distance from the selected
file. I.e. when you click on a file, you would clearly see the files
that you created shorly before/after the selected one, with earlier/later
one fading out progressively.

And again there's 24 bottles of beer waiting for the brave implementor …

The terms file server, file system and the abbreviation fs
appear a lot in Plan9 documentation. For example, there are the manpages
fs(3), fs(4), fs(8), and kfs(4).

First fs(4) aka Ken's FS. This was a file server
inside the kernel which required a specially built kernel and
was used together with a dedicated CPU server and
many terminals. It is not part of the kernel sources any more,
but its manpage lives on. To add confusion, there is also a
manpage fs(8)
for the console of Ken's fs.

Then there is kfs(4),
a file system for terminals.
It is implemented in user-space. No relation to Ken's FS besides the name.
Strangely there seems to be no option to repair
a broken kfs:

If the file system is inconsistent, the user is asked for permission to ream (q.v.) the disk.

(reaming means deleting).
kfs cannot be managed by a console like Ken's fs and
fossil, but
by options to an executable kfscmd.
UPDATEkfscmd has commands to repair a broken kfs.

As another example for the non-injectivity of abbreviations, there's
fs(3)
which is not a file system at all, but a kind of soft-raid that allows concatenation,
striping and (simple) mirroring of files, e.g. disks.

On the fourth hand, there is
fossil.
This is the current default for CPU and File servers. It can be configured to
move its blocks to an archival storage server
venti.
It is managed with its own console
fossilcons
which attaches itself not as /srv/fossilcons but
/srv/fscons.

OpenBSD: all: port Ai's setmacaddr patch
to 3.6. UPDATE The 12 l for this
have been (successfully) claimed by Christian Kellermann with his
patch to current.
UPDATE The OpenBSD team added the feature to the
source (by a different patch, prs 2117 and
2118).

libGMP: Support AMD64 with true 64bit arithmetics.

GnuPG: all hash implementations in cipher/
have a function {md,md5,rmd160,sha1,sha256,sha512}_write.
The implementation
is quite obfuscated with a totally unnecessary level of
recursion with several terminating conditions. Replace
these _write functions
by something more readable. UPDATE The terrible code is
by Ulrich Drepper, not gnupg's author Werner Koch.

Answer: all of them are equally likely outcomes of 23 coin-flips.
Sérgio B. Volchan tells the history of the concept
of randomness in mathematics
in an article
for the American Mathematical Monthly.
It is quite fascinating IMHO how seemingly resonable definitions
of randomness were put forward and shot down later to be replaced
with the next definition. The most recent definitions preclude
meaningful checks for randomness by examining finite parts of
a sequence, so the conundrum remains: Is 7 a random number?

The Jupiter ACE
was a home computer produced in the UK in the 80ies.
It had a FORTH interpreter instead the usual BASIC of the C64, BBC micro, etc.
Their Manual explains
the inner workings of the machine in an accessable way. Compare that
to the thousands of VBA books that keep the reader totally in the
dark what goes on behind the funny icons.

Spamfilters add complexity, which in turn makes v6 transition harder.
Setup:
Host A (running OpenBSD) has dual stack v4/v6 with routable v4 address
Host B (running Plan9) has dual stack v4/v6 with a subnet-local v4 address
Both machines have a routeable v6 address and run an MTA.
So I assumed that it should be possible to send mail from A to B.
Turns out to be not that simple. The Plan9's MTA uses various heuristics
to find out if incoming mail is spam (as do other MTAs). One of the checks is to connect
to the MTA listed in the MX record for the sender's address' domain.
Host A's MX record is v4-only, so B cannot connect to the
MTA, so it rejects the mail. Not only the sender and the receiver have
to be v6-enabled, but also the sender's MX (and probably the blacklist
providers, etc).

With a shell account on an arbitrary POSIX semi-compliant system, one should
have access to a Bourne-like Shell, awk, dc,
sed and companions. Given a source of randomness this should
be sufficient to code RSA + a symmetric cipher, kind of extremely poor man's
PGP.

I had some problems finding ways to output binary stuff from ksh.
UPDATE: New version seems to work with bash.

On Intel at 1.6 Ghz it encrypts/decrypts at 184 Bytes per second.
One optimization could be to put the keystream generation entirely in a dc script,
start that in a sub-process, and read single bytes from a fifo.
UPDATE: New version does this, 370 Bytes/sec now.

Key creation time and sigs from forgotten keys influences the ranking

All norms on key graphs have to deal with time somehow. This
is because keys are created over time, revoked, they expire, their passphrases
are forgotten … Signatures expire, point to revoked keys …
In the BC norm, this has a side-effect on newer keys:
since newer keys will never get signatures from revoked or unused
keys, they are at a serious disadvantage (sorry, weasel :-)).
If there are n keys in the component, and only one has
a link to/from an old key, then it's BC will increase by n-2
(because n-2 shortest paths lead through it to the forgotten
key).
At the moment I see no way of repairing this.

mmap(2) maps a file to a range of memory and gives
the calling process a void* to manipulate the contents
of the file. If no file descriptor is given, it creates an
“anonymous” memory range. In both cases, the memory range
can be used for inter-process communication.
As an additional feature, the caller can specify how child processes
see the memory. If MAP_INHERIT is set, the children
see the same as the parent. If additionally (or more precisely OR-ally)
MAP_PRIVATE is set, modifications (i.e. writes) by the parent are
invisible to the children. If MAP_SHARE is set, the
children see the bytes written by the parent. The minherit(2)
syscall allows setting these bits for arbitrary pages.

Now, what would be the most stressing situation for the kernel?
Overlapping memory ranges with different copy/share policies for
several generations of processes. This program does exactly that.
It subdivides the same piece of memory recursively, and each child
sets another inheritance policy on top of the set ones of the stack
of parents.

Usage: stress.mmap [-f file] [-m size] [-r level] [-n num]

-f <file> use <file> to mmap on
-m <size> size of mmaped area in bytes
-r <level> the number of recursions
-n <num> number of byteblocks to touch in each incarnation

TODO: let each child mmap the same file to another location,
with different policies…

It is hard to confine untrusted software to just the stuff it is
supposed to do. Server processes can be run as unprivileged users,
chrooted or jailed in their own namespaces. If the software has to
display something on the user's X11 however, different measures
have to be taken.

One approach is to run the program under surveillance of
systrace. This is good, but the code must have access
to the X server and could try to grab/inject XEvents.

The following script (download)
opens a nested X server (Xnest)
and starts an xterm on it, running as another user.
Starting from there, the user at the display can start a window
manager and the suspicious software itself.

The programs inside the nested X cannot access the surrounding
X display. With restrictive file permission on the regular
user's homedir and standard precautions about the other
user's account, this could protect against a few attacks.

Members of the security and safety community often claim
that software quality would improve if manufacturers would
be held liable for damages caused by their products.
The reasoning uses the negative incentive argument:
“If we produce faulty software, we will lose money.
Let's write correct software instead to increase shareholder
value.”

Let's examine this claim more closely:
A user experienced damage from a malfunctioning
program. How would she get compensation from the manufacturer?
Surely not by simply calling and announcing that a crash caused
X dollars of damage. Surely the vendor would claim that it
was a user error …. So user and vendor will end up in court.
The only proof of fault on the vendor side would be for the user to

recreate the state of her machine before the crash (how??)

reproduce the software error by taking actions explicitly mentioned in
the software's documentation.

Now suppose that there was a magical wand for taking snapshots of
computer states just before crashes. Or that the legal system
would permit claims on grounds of only the second part of the proof.
Then there would be a strong positive incentive to write software
that fails unreproducibly: “If our software's errors cannot
be demonstrated reliably in court, we will never lose money in
product liability cases.”

This introduces an interesting new paradigm of programming.
Methods of this school of programming could include:

Do something random

If an exception is raised which is not caused by
user input, look for a random function/method which can be called
in the current context and call that.

Procrastination

In multithreaded programs, if one thread runs into an error,
simply put this thread to sleep and hope nobody notices it.

Inject errors in other running programs.
Example: A SEGFAULT handler looks for other programs from
different vendors running on the same machine when the error
occurs and forwards the signal to one of them. It then simply
waits. The user might attribute the freezing of the program
to the crash of the other.

Of course, really unreliable code needs randomness to select the action
to take. All modern operating systems now come with random
number generators which could be used for that purpose.

In machines with hardwire unique ids (UIDs), e.g. from the TPM,
there is the interesting (and rewarding) possibility to tie the
random behaviour to the hardware. This would allow
software vendors to sell horoscopes for computers!

A prediction (which you can help to make self-fulfilling): we will find security holes in implementations of
protocol features which are

hardly ever used

not really understood

underspecified

Possible targets:

HTML & data: URLs

RFC 2397 defines
a URL type which carries its own content. This could play havoc with
HTML content filters, filtering proxies, and so-called "browser
security settings". Simply base64 the exploit and put it in
a <a href="data:base64...">. You can also
put iframes in data: URLs, which in turn …

ICMP EchoReq with a multicast source address (and they joined that
group)?

IPv6 options

I looked over the basic IPv6 RFCs (
2460,
2461,
2462,
2463)
recently. Very impressive, they defined a lot of really
incredible stuff. For example

the IPv6 Destination Options Header (RFC2460, Section 4.6)
is an optional header that allows to pad datagrams with zeros.
Glorio!

the IPv6 Routing Header (RFC2460, Section 4.6) defines
up to 127 hops through which a datagram should travel.
It specifies the hops by addresses, so that the header
alone can be up to 16 * 127 + 4 = 2036 bytes
long. The routing header may not be fragmented (RFC2460, Section 4.5),
and the minimum MTU is 1280 (RFC2460, Section 5). It makes the
mind boggle.

to compute the UDP body checksum, an IPv6 pseudo-header
has to be constructed in memory. The UDP checksum ignores the headers
between the address part and the UDP header, except when
there's a routing header present, in which case it has to
be parsed for the final hop, which will then be included
in the pseudo-header. Simple, fast, efficient.

While there are some compliance testing efforts, there seem
to be no checks about handling of non-compliant datagrams.
What happens if a datagram carries two routing headers,
three destination option headers, undefined NextHeader
values, or a Jumbogram header indicating a payload
of 4 Gigabyte on an ordinary ether interface?

Internationalization

Diverse pranks with Unicode are making the round (e.g.
shoestringfoundation's very own UTFbiffier), and the various
hacks to get wide-char support in standard applications,
and then there's Internationalized Domain Names
(RFC 3490)
and useful character encodings in X509 (for example Teletext
and T61Sting which includes really suprising chars,
see Peter Gutmann's highly readable X.509 style guide).
All that calls for further interesting exploits on the user interface.

ANSI terminal viruses (ok, it's viri, but tell that
to the walri)

We terribly ε¦ïʈè
ɦａϲќҽｒႽ
tend to use command line interfaces on terminals, consoles,
xterms or even screen.
But there's been lots of interesting attacks involving
magic escape sequences.
A
recent paper by H.D. Moore points out that this is a pending
threat still.

URG flags and pointers

The TCP urgent feature implements the strange ITU-y idea
of sideband signaling. It basically tells the socket
that there's much more interesting data somewhere
later in the TCP stream. Practically no program uses this,
but who knows what shenanigans might be caused by an
URG pointer in a Jumboframe …

The sharing and co-operative commenting of bookmark-like links is
a very interesting idea. It takes the slashdot/scoop idea
to the extreme because everybody can dump what they find
interesting and sort other suggestions by keywords aka tags.
Popular implementations such as
del.icio.us or
CiteULike
are nice and well, but they are centralized, easy to flood
and a bit too open for my taste. So I was happy to
see that Ricardo Signes wrote
Rubric,
a free implementation of a del.icio.us work-alike, and
Steve Mallet at de.lirio.us
adapted the interface to make it look like del.icio.us.
I'm testing it right now and would like to run my own
tagged bookmark store, integrate part of them with this blog
and share the links with friends.
The Rubric code depends on loads of Perl modules and
it takes some few minutes to configure it. Ricardo
provides scripts to import existing link-lists quickly,
without going through the web interface. The input
format is a YAML
dump of a reference to an array of hashes with certain keys.
I wrote a little script
to convert Lynx's bookmarks
to that format.Stay tuned …
Update: the script
now works for "DOCTYPE NETSCAPE-Bookmark-file-1", i.e. Firefox,
Mozillas as well.

There have been a lot of ideas about how to allow
multi-writer web pages. The simplest implementation is the classic wiki
(everybody can write everything), the most useless
idea in this area is Annotea
which requires modifications at the client (as proof of
irrelevance, they implemented it for Amaya).
There are many applications where the ability to add
comments would be useful, and where the wiki concept allows
too much mischief.
A group of brazilians implemented what they call
co-links. This trickery of php/sql/javascript allows readers to
insert links in a text and add links to existing lists of links.
They require no modifications at the browser and the
new links are stored at the server (not always a pro, but a
good start when compared to annotea, where all modifications
are stored at the W3C), but not the content they point at.
A nice application would be, e.g. a distributedly annotated
edition of a literary text.

The specs for the highly esoteric
Dynamic Delegation Discovery System (DDDS), RFCs 3401 to 3405 all
contain the following curious phrase:

The entire series of
documents is specified in "Dynamic Delegation Discovery System (DDDS)
Part One: The Comprehensive DDDS" (RFC 3401) [1]. It is very
important to note that it is impossible to read and understand a
single document in that series without reading the related documents.

Since each document stating this is
itself a part of the series, recursion kicks in and it becomes
“impossible to read and understand” any of the RFCs.
This does not bode well for the rest of the standard.

The mean-minimum-distance of a key to all other keys
in the web-of-trust gives some idea of the connectedness
of the key. This is done in Drew Streib and Jason Harris'
keyanalyze.
But it does not express how the key
contributes to the infrastructure of the web-of-trust.
It would be nice to have measurement of, e.g.,
the number of otherwise disjoint communities which
are connected only or mainly through a key.

A quantity that expresses something like this is the
Betweenness Centrality. In a nutshell, it is the
number of shortest paths which lead through a vertex in
a graph. The paths are taken from every vertex, to
every vertex. If there is more than one shortest path
between two vertices, the centrality of the vertices on
the paths is increased only by the fraction of paths
which they are part of.

Formally, Betweenness Centrality of a vertex v is defined as
the sum of [(number of shortest paths from s to t
that go through v) divided by (number of shortest paths
from s to t)], where s and t
run over all pairwise different vertices ≠ v.

The code in Cwot.tar.gz
computes the betweenness centrality
of all keys of a graph. The graph must be presented in
the preprocess.keys format as in keyanalyze.

To compile the code, simply type 'make'. If your system
does not have /usr/include/sys/queue.h or
/usr/include/sys/tree.h you have to un-comment one line
in the Makefile, see there.

The algorithm used to compute the Betweenness
Centrality was taken from a paper by Ulrik Brandes,
“A Faster Algorithm for Betweenness Centrality”
in “Journal of Mathematical Sociology”, 25(5):163-177, 2001.
The time-complexity is O(nm), where n is the number of
vertices (keys) and m the number of edges (signatures).
The space-complexity is O(n + m), but my clumsy
implementation might scale worse.

My PGP key resides on one single machine, which runs no
services and is mostly offline. Mail is delivered to
another well-connected box. The mailbox format is Maildir.
To decrypt mails I need to transfer the stuff to the
machine with the key.
My .procmailrc on the connected box:

To sync the files to the secure box, I use
rsync.
The problem is that my mail reader renames the
files in the maildir to store flags like read,
replied, so rsync pulls too
many files. The following script helps:

networking (Addresses, DNS, IDs for various types of sessions like in TCP or RPC, …)

crypto (Identifiers in certificates, fingerprints in PGP, …)

law (Trademarks, libels, …)

Unfortunately, computer science is mostly ignoring the whole topic.
In the hope to change this a little, I'm building a
bibliography/link list on naming.
Additions, corrections and comments are welcome!

The common technique for signing large amounts of keys
after a key-signing party is to, well, simply sign all
keys and mail them to their owners. But this might not
the best way. Because if you sign a key, you often
sign many uids with different e-mail addresses. If
any but one of these don't work you won't notice, because you
signed all of them and mailed the result around.
Thus your signature certifies that this key belongs
to addresses it doesn't really belong to.

To avoid this, Peter Palfrader
wrote caff. This Perl script
converts keys with many uids to many keys with just one
uid each, and signs these. It then encrypts each signed
key with itself and sends it to the e-mail address in
the uid. This helps to assure that you don't sign uids
with e-mail addresses which aren't under the control of
the signee. Caff removes other signatures from the keys
as well, to make the mails smaller and easier to process.

Peter Palfrader is the author of caff, I merely added a
few features to allow signing with multiple and older keys,
and to have caff just save the mails in a folder instead
of sending them off at once.

NEWS

I carry around my old Vaio and connect it to
different subnets. Typing the same commands
(ifconfig ....; route delete default;
route add default ...; cp /etc/resolv.conf.place /etc/resolv.conf;
...)
every time I reconnected got boring, so the stuff
went into scripts. I later heard of Felix von Leitner's
divine.
It sends out fake ARP requests to divine to which
network the machine is connected, and takes configured
actions depending on the results.

It turns out
that it's pretty easy to re-implement this with
“standard&ddquo; utilities on OpenBSD. I use
arping by Thomas Habets from the ports-tree
and
ifstated supplied in the OpenBSD source tree.
ifstated is not installed in the standard
build process, but a simple cd /usr/src/usr.sbin/ifstated
make && make install
fixes that. The documentation for the config-file
ifstated.conf is non-existant, but an
example is in /usr/src/etc/ifstated.conf.

You can take my
minimal config
for multiple networks and adapt it by substituting
the name of your interface, the IP/MACs of the hosts
in your networks. Works fine in my setup.

While preparing a talk about extensions of
Merkle's hash trees, I found that it's extremely
complicated to draw nice binary trees with
WYSIWG software.
So I wrote code to do it.
It's in Perl and uses the GD module. GD's handling of
colors is awkward, but the code does it's magic.

One problem with steganography is that the embedding of
hidden text in the covertext changes the statistical
characteristics of the covertext. With large amounts
of covertext, it becomes obvious. Niels Provos
addressed this in Outguess
by changing other bits in the covertext to minimize
the impact of the embedding on the chi-square test.
Would it be easier to embed undetectably if we can
generate the covertext ourselves. Definitely!
Mybal.pl does this. Supply
it with an ASCII text and it computes the
probabilities of characters following every sequence
of characters in the text. Supply it with a key,
a message to embed and a word, and it
will generate a covertext starting with that word.
The covertext has exactly the same probability
distribution as the orginal text, but the message
can be extracted from it, if the key is known.
How does it work? Mybal takes the word to start with,
interprets it as a sequence of chars and checks which
chars would be next in the sequence, and how probable
each of them are. It then throws a biased die (a PRNG
seeded with the key) to decide which char is next.
It appends that char and interprets the result as another
sequence and so on. If the list of possible next characters
contains two chars with the same probability and
the keyed random number generator chooses one of them
mybal looks for the next message bit to embed. If it's
a zero, then the randomly chosen char is appended.
If it's a one, the other equally likely char is appended.
This guarantees that the probability distribution is
always the same as in the orginal.
To extract the message, mybal starts with the first word
and walks along the covertext, always checking the list
of possible next chars. If the char in the covertext has
the same probability as another char in the list, then
a message bit could be embedded with that char. To check which
bit it was, mybal uses the keyed PRNG to generate the text
itself and thus sees which char it would have chosen on a
one or zero bit.

Assume that you have control over a zone somezone.net,
i.e. you can add records in that zone. With
this patch
to bind-9.1.3 you can designate a new domain, even a
TLD, e.g. .mytld. Every hostname h.mytld in that zone
is CNAMEd to a hostname j in somezone.net, where
j = SHA1(h . <secret>). <secret> is
set in bind's config file. This allows you to assign
arbitrary meaningful names in .mytld, like
icannsucks.mytld. The DNS queries that leave the subnet
with your modified bind refer to meaningless hostnames in
somezone.net. If you want to share this local namespace
with someone, you just have to send him/her the configfile entry
that defines the TLD and the secret.

At the Privacy Enhancing Technologies Workshop in 2004, Ben Laurie and
I did the following experiment: Take all RSA moduli from PGP keys presumably
created with old versions of PGP and compute the pairwise gcds
(Peter Palfrader supplied us with the keys). It turns out
that two keys of about 18.000 have a common divisor in their moduli:

pub 512R/A6A0B399 1994-08-22
uid Joe Schmuckley

and

pub 1024R/575F0491 1995-04-25
uid Ptolemy\x94XIV

I attacked the second key with Paul Zimmermann's Elliptic Curve Factoring implementation.
The key's modulus is
154956266345084069226862248372110371166938886489752239052876482944564582890929018924713228062182549387370501917548067050125166825561248271290123809111584367013542131148718493052910832027118594514063050953864709464909322903154243080328106157412235640682459755462203449571275078025946614196463838287264848217233
This is not the product of two primes. So far we found the
following factors:

3 (Yes, three!)

3 (Yes, it's not even squarefree)

42742556573248957

314267779982277702367112491702024117309

The remainder is not prime but seems to contain no factors smaller
than 150 bits.

Fascinated by the Auralizer, I started my own, simplified
version, Netsound. The idea is to define
sound events to be triggered by network events. In netsound, you can
set pcap(3) filters together with bounds and the sound
to play if the event occured that often. E.g.:

The Blum-Blum-Shub Pseudo Random Number Generator works basically as follows:

Setup

Generate two large primes such that they both equal 3 mod 4

Take the product N and forget the primes

Fetch an initial state x_0 from a true RNG

Operation per step

compute next state: x_{i+1} = x_i^2 mod N

output the least significant bit of x_{i+1}

Blum, Blum and Shub show that predicting the next bit from
the observed output is as hard as factoring N. In addition,
after erasing the primes computing previous states from the current one
is as hard as factorization. A problem exists with the
expected cycle length of the produced random bits. As
Terry Ritter pointed out, maximum cycles (near the size of N)
can be assured by choosing the primes as “double--Germain”,
i.e. p = p'*2 + 1, p' = p''*2 + 1, with p, p', p'' all prime.
My implementation generates
such primes. A possible application for BBS is generating
strong randomness on embedded devices without physical sources
of randomness. Upon initialization,
a truely random seed could be stored on the device, which later is
updated synchronously after each step of the algorithm.

Bored with being eleet on IRC? Why not take a look at
the forthcoming 32-bit eleetness brought to you by
Unicode(TM)(R)?
At the Shoestring Foundation Labs, where we invented
time machines long before H.G. Wells could think of one,
we are in the process of converting boring old ASCII
to totally eleet Unicode. See our example page!.

In contexts like remailers it is impossible to have the
originator of a message solve puzzles interactively. But
with quasi-synchronous clocks (exact up to a few hours perhaps)
and a small database, it is possible to implement offline
Hashcash. Such a Hashcash Check looks like:

It is bound to a recipient (provos@citi.umich.edu) and a date,
so presenting the same check to other parties or to the same party after
a certain period of validity will fail. For the period of validity
the recipient has to store the Rand value and compare incoming
Hashcash Checks against the list of received checks. If the Rand
is on the list or the date outside the validity, the Hashcash is ignored.
And it's all implemented in Perl.
Adam Back has a similiar
scheme with shorter messages intended to be embedded in headers of
other protocols.